For the last couple of years, we’ve straw-polled security professionals to discover what they think the single biggest security threat of the following year will be. This year we heard from 72 security professionals and have summarised the responses below.
What is the format?
Each year we ask security professionals to tell us what they think the single biggest security threat of the following year will be, along with a one-sentence explanation. The answers are entirely subjective (and many respondents naturally highlight problems that their own product or service addresses).
What are the findings?
Out of 72 usable responses we found a strong leaning towards employees (12 responses) and ransomware (11), while IoT (6) and threats to critical infrastructure (5) were also raised by multiple individuals. The responses have been grouped below in the following sections:
- Employees (12)
- Ransomware (11)
- Repeated responses (14)
- Other suggestions (35)
How does this compare to results from the last couple of years?
Last year the single biggest threat suggested by security professionals was the Internet of Things with 26 responses, while ransomware – which has probably been the biggest threat of 2017 – was only mentioned twice.
In 2016, 14 of the experts we spoke to suggested employees and this seems to be firmly back on the list for next year.
Results of previous polls can be found here:
- What will be the single biggest security threat of 2016?
- What will be the single biggest security threat of 2017?
What did individuals have to say?
All usable responses are cut down to a single sentence and grouped by theme below.
Employees
Always the people
The reality is that your employees are and almost certainly will always be the biggest threat to cyber security.
Tim Hall, CTO at Blue Logic
The ‘soft underbelly’
Whether they are the negligent executives that fail to implement proper cybersecurity policies, unwitting insiders that fall victim to phishing emails, or naive employees that fail to appropriately patch and update their computers, people remain the soft underbelly that malicious actors will exploit to compromise an organisation.
Steve Lakeman, research team at ThreatConnect
Criminals more professional than the target
Cyber criminals are more professional, sophisticated and well-organised than ever before, which makes it tough for end-users to properly defend themselves - a ‘patch-work’ approach simply will not suffice, and digital cyber security must be a continuous and on-going process to succeed.
Eric Berdeaux, CEO at OXIAL
Taken for granted
Technology plays a massive part in our lives today, so much so that we typically take it for granted.
Richard Kennedy, Director of Cloud Services & Infrastructure at Xperience Group
Malicious insider
The biggest cybersecurity threat in 2018 will be the one that catches organisations unaware; the malicious insiders that are even now quietly syphoning off data and secrets from their most secure databases, by taking advantage of a mainframe blind-spot that research shows exists in 84% of global organisations.
John Crossno, Product Manager at Compuware
People are your greatest asset – and vulnerability
As phishing attacks become more sophisticated and socially engineered attacks continue to rise, the real target isn’t infrastructure – it’s the user.
Joe Diamond, Director of Security at Okta
Junior staff often care less
Companies need to be aware of the threat of rogue insiders, particularly when it comes to people in more junior positions with access to sensitive data, who may be disillusioned or less security-savvy than more senior staff.
Andrew Avanessian, COO at Avecto
Insecure user behaviour
The single biggest security threat for 2018 will be the same as it was in 2017 – users – we need to accept that users will continue to behave insecurely, and deploy systems that will protect them by design when they make mistakes.
Fraser Kyne, EMEA CTO at Bromium
The inflection point for insiders
Cybercriminals, like any good business, are looking for the most cost effective model to achieve their goals; 2018 may be the year of an inflection point where it is more cost effective to utilise insiders instead of producing malware, resulting in a dramatic decrease in the amount of malware discovered.
Tim Brown, VP of Security at SolarWinds MSP
End user ignorance
Cyber security is still being treated as an IT issue and yet most of the biggest breaches resulted from some muppet clicking on a phishing email link, plugging a USB in or doing something just plain stupid, so how many companies now run regular cyber threat awareness update sessions for their staff (all staff!)?
John Davies, Director at Pervade Software
Privileged account holders
Users with elevated or privileged rights are still the primary target for hackers, and the tendency in recent data breaches shows that once passwords are stolen, organisations struggle to detect harmful actions executed with hijacked accounts - unless they can spot abnormal behaviour of their users.
Csaba Krasznay, Security Evangelist at Balabit
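The point above is that a stolen password is invisible to a perimeter control, so the remaining signal is whether the account is behaving as it normally does. The script below is an added example, not code from the article or from Balabit: it learns a per-account baseline (source /24 network, hour of day, target host) from a constructed set of earlier logins, then flags any login by an account in the assumed PRIVILEGED set that falls outside that baseline. The log format, account names and IP addresses are all invented for the illustration.

```python
"""Baseline-versus-anomaly check for privileged-account logins.

Added example (not from the original article). Assumptions: a constructed
log format "user=<u> src=<ip> hour=<h> host=<host>", a hypothetical set of
privileged accounts, and a short learning window of known-good logins.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import ipaddress

# Assumption: which accounts count as privileged in this environment.
PRIVILEGED = {"root", "dba_admin"}

# Constructed "known good" history used to learn each account's baseline.
BASELINE_LOG = [
    "user=dba_admin src=10.1.2.10 hour=9 host=db01",
    "user=dba_admin src=10.1.2.11 hour=14 host=db01",
    "user=root src=10.1.5.3 hour=10 host=bastion",
]

# Constructed new events: one normal, one suspicious, one non-privileged.
NEW_LOG = [
    "user=dba_admin src=10.1.2.20 hour=9 host=db01",
    "user=dba_admin src=203.0.113.7 hour=3 host=hr-share",
    "user=alice src=203.0.113.7 hour=3 host=hr-share",
]


@dataclass
class Baseline:
    networks: set = field(default_factory=set)  # /24 networks seen
    hours: set = field(default_factory=set)     # hours of day seen
    hosts: set = field(default_factory=set)     # hosts logged into


def parse(line):
    """Split one constructed log line into (user, src_ip, hour, host)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return fields["user"], fields["src"], int(fields["hour"]), fields["host"]


def net24(ip):
    """Collapse a source address to its /24 so DHCP churn does not alert."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def build_baseline(lines):
    base = defaultdict(Baseline)
    for user, src, hour, host in map(parse, lines):
        b = base[user]
        b.networks.add(net24(src))
        b.hours.add(hour)
        b.hosts.add(host)
    return base


def score(event, base):
    """Return the list of ways this event departs from the account's baseline."""
    user, src, hour, host = event
    b = base.get(user)
    if b is None:
        return ["no baseline for account"]
    reasons = []
    if net24(src) not in b.networks:
        reasons.append(f"new source network {net24(src)}")
    if hour not in b.hours:
        reasons.append(f"unusual hour {hour:02d}:00")
    if host not in b.hosts:
        reasons.append(f"first login to {host}")
    return reasons


def detect(baseline_lines, new_lines):
    """Flag privileged-account logins that deviate from the learned baseline."""
    base = build_baseline(baseline_lines)
    alerts = []
    for line in new_lines:
        event = parse(line)
        if event[0] not in PRIVILEGED:
            continue  # this example only watches privileged accounts
        reasons = score(event, base)
        if reasons:
            alerts.append((event[0], reasons))
    return alerts


def run_demo():
    return detect(BASELINE_LOG, NEW_LOG)


if __name__ == "__main__":
    for user, reasons in run_demo():
        print(f"ALERT {user}: " + "; ".join(reasons))
```

Only the dba_admin login from 203.0.113.7 at 03:00 to hr-share is reported, with all three deviations listed; the 09:00 login from the usual network to db01 is silent, and alice is ignored because the example only baselines privileged accounts. A real deployment would learn over weeks rather than three lines, and would weight the deviations rather than treat any one of them as an alert.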
People are the weakest link
People are the weakest link in any organisation’s security chain – if cyber criminals can get through to employees, they are almost certain to be successful in hacking into the organisation.
Martin Ewings, Director of Regional Sales and Specialists Markets UK&I at Experis
Ransomware
Beyond WannaCry and Petya
We expect to see an increased number of ransomware attacks on higher value data, even more damaging than WannaCry and Petya; military institutions and banks could be next on the hit list, as hackers might look to exploit these hugely powerful institutions for even bigger financial benefits.
David Navin, Corporate Security Specialist at Smoothwall
The first house will be held to ransom
Hackers may go as far as locking owners out of their houses – by infiltrating their smart locks – until they pay to get back in.
Jason Hart, CTO of Data Protection at Gemalto
Commodity ransomware
I think commodity ransomware will continue to be the biggest threat in 2018 - almost everyone is a target, and the effects can be devastating.
Chris Doman, Security Researcher at AlienVault
A lucrative revenue stream
Ransomware will continue to be a key threat next year – it’s neither new nor novel but it’s simple to write, has been proven to be effective, and can be an incredibly lucrative avenue for hackers to exploit.
Holly Williams, Penetration Tester at Sec-1
‘Go to’ strategy for criminals
As long as organisations remain vulnerable to attack and slow to recover, it will continue to succeed as a ‘go to’ strategy for cyber criminals.
Gary Watson, Founder and CTO at Nexsan
Beyond “spray and pray”
Ransomware will become more targeted by looking for certain file types and targeting specific companies such as legal, healthcare, and tax preparers rather than “spray and pray” attacks we largely see now.
Brian Baskin from the Threat Analysis Unit (TAU) at Carbon Black
Higher and higher ransoms
Targeted ransomware, because when essential services are targeted specifically, the value of the locked data is huge and the consequences are vast – meaning, the cyber criminals can demand higher and higher ransoms.
Linus Chang, CEO and Founder of Scram Software
Personally identifiable information
GDPR comes into effect next year and has the potential to carry very large fines for companies handling the PII of EU citizens; malicious parties may see this as an easy way to make financial gains by targeting PII in attacks and holding it to ransom.
Thomas Fischer, Global Security Advocate at Digital Guardian
Targeted for impact
Having witnessed the impact of this year’s high-profile ransomware attacks, such as the one that almost brought down the NHS, ransomware will continue to be even more targeted in 2018 as hackers seek top businesses, banks, healthcare institutions and other national-critical organisations to implement even more vindictive, sneaky, and potentially life-threatening attacks – leading to panic if organisations are unable to detect and stop incoming attacks quickly, before damage is done.
Ross Brewer, VP and MD of EMEA at LogRhythm
A targeted ransomware pandemic
In 2017, disruptive ransomware has become the weapon of choice for cyber-criminals due to monetisation which reflects the successful digital transformation of organised crime – as is evident from the nearly daily reports of cyber-attacks in the press, I only see this threat getting worse in 2018.
Chris Goettl, Manager, Product Management for Security at Ivanti
Linux ideal target
Ransomware will increasingly target Linux systems in an effort to further extort larger enterprises - for example, attackers will increasingly look to conduct SQL injections to infect servers and charge a higher ransom price.
Param Singh from the Threat Analysis Unit (TAU) at Carbon Black
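The response above names SQL injection as the expected way into a server before the ransom stage. As an added example (not from the article or from Carbon Black), the following shows the defect side by side with its fix: a lookup built by string formatting, which lets a constructed payload rewrite the WHERE clause, next to the same lookup using a bound parameter. The table, rows and payload are invented, and SQLite is used only so the example runs offline; the same distinction applies to any database driver.

```python
"""SQL injection: vulnerable string-built query beside the parameterised fix.

Added example, not the article's or any vendor's code. Uses an in-memory
SQLite table with constructed rows; the payload is a constructed string.
"""
import sqlite3

# Constructed injection payload: closes the quoted literal and adds an
# always-true condition so the WHERE clause matches every row.
PAYLOAD = "x' OR '1'='1"


def setup():
    """Create a throwaway in-memory database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """VULNERABLE: user input is spliced into the SQL text, so quote
    characters in `name` become SQL syntax rather than data."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    """HARDENED: the driver binds `name` as a value; the query structure is
    fixed before any input is seen, so the payload matches nothing."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both lookups on the same input and return their row counts."""
    conn = setup()
    try:
        return len(lookup_vulnerable(conn, name)), len(lookup_hardened(conn, name))
    finally:
        conn.close()


if __name__ == "__main__":
    print("benign input  (vulnerable, hardened):", compare("alice"))
    print("payload input (vulnerable, hardened):", compare(PAYLOAD))
```

With the benign name both versions return one row; with the payload the vulnerable version returns every user while the hardened one returns none. Bound parameters are the fix in every language and driver, and the check to run on a codebase is a search for queries assembled with string formatting or concatenation.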
Repeated responses
IoT attacks
Reports already show an increase of 280% in IoT attacks in the first half of 2017 alone, this will increase in 2018 with more and more devices becoming connected.
Patrick Clover, Founder of BLACKBX
The home front
The IoT-connected world that surrounds each and every one of us is getting more complex, sharing more of our data in ever more opaque ways and getting less easy for the average user to understand, let alone to have any hope of controlling: a perfect security storm.
Nigel Harrison, CEO at Cyber Security Challenge UK
The unknown rising threat of IoT and botnets
We have already seen what IoT devices can do when pooled together by hackers to conduct a DDoS attack; imagine what they will be able to do when re-provisioned for web application attacks, credential abuse or over-the-horizon threats.
Jay Coley, Senior Director of Security Planning and Strategy, EMEA at Akamai Technologies
The interface between the cyber and physical world
Proliferation of attacks against Internet of Things (IoT) and Operational Technology (OT) such as industrial control systems: these systems are the interface between cyber and the physical world, they are poorly secured against attack, and successful compromises have life-safety implications.
Chris Day, CSO at Cyxterra
IoT security is non-existent
The biggest security threat relates to the Internet of Things and its growing acceptance – in cars, computers, even scales – but IoT security is non-existent.
Frederik Mennes, Senior Manager of Market & Security Strategy, Security Competence Center at VASCO Data Security
IoT a gateway to businesses
Due to the perfect storm of sprawling supply chains, rampant outsourcing, and the rise of IoT, 2018’s biggest security risk could be Third-party Access Point Attacks or TAP Attacks, in which hackers target businesses via vulnerable suppliers and partners.
Andy Waterhouse, EMEA Pre-Sales Director at RSA Security
Critical infrastructure
The biggest cybersecurity threat in 2018 will be to critical infrastructure — their corporate IT networks as well as operational technology (OT) including devices for industrial control systems (ICS) and supervisory control and data acquisition (SCADA).
Justin Coker, VP EMEA at Skybox Security
“Stealth” hacks on critical infrastructure will require a new approach to security
Sophisticated cyber-attacks will become more unpredictable and take forms we have not seen before.
Salvatore Sinno, Chief Security Architect at Unisys
Ancient national infrastructure
We are likely to see a massive cyberattack on national infrastructure, similar to the attack that brought down the NHS, but this time with hackers targeting CCTV equipment – many of which are open to risk because they sit outside of high security IT and are not regularly updated with firmware.
James Wickes, CEO and Co-Founder at Cloudview
State sponsored actor attacking a major organisation or critical infrastructure
The political landscape is like a tinderbox right now, we just need one wrong tweet from a world leader directed at another, or a wannabe, and it could kick off a cyber war.
Andrew Martin, Founder and CEO at DynaRisk
Phishing for critical infrastructure
2018 will undoubtedly see a big increase in cyberattacks on critical infrastructure worldwide, with phishing continuing to be a key point of entry.
Alan Levine, Security Advisor at Wombat Security Technologies
Spear phishing
Spear phishing (targeted phishing) will become more sophisticated, leveraging or impersonating respected brands and directing unsuspecting users to realistic destinations to harvest credentials and other personal information.
Fabian Libeau, VP EMEA at RiskIQ
Spear phishing attacks
In early 2017, 61% of InfoSec professionals reported experiencing spear phishing attacks, and this year has seen a number of high profile attacks hit the press, from Amber Rudd (responsible for cyber-security in the UK) to Tom Bossert (cyber-security advisor in the US) being affected.
Amy Baker, VP, at Wombat Security Technologies
Shortage of affordable skills
It may feel like a bit of an old chestnut, but a shortage of available and affordable people to fill gaps in cyber security positions at all levels continues to hold back progress – including both potential trainees, and people with experience in the field.
Dr Robert Nowill, Chairman of Cyber Security Challenge UK